General
Target: Inq Form.xls.exe
Size: 245KB
Sample: 211027-3atm5sggb4
MD5: 4fcf859ac18a9562510e3ed11210340f
SHA1: 33e1fe0812598dbc752469f8b142a7988d83e7ea
SHA256: 8bd87aa08be3aebea3031d2ed817267f3b0a8272e39f396ae4ab4de256956455
SHA512: 5ce07cb3969a7a55dc310d30460aa5fc8f0400c2c216f45be1eb9bca874eafec8511a46b0e997ef6be0f7c68932838846e6756a195f6b44af4cc1272c232d789
Static task: static1
Behavioral task: behavioral1
Sample: Inq Form.xls.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Inq Form.xls.exe
Resource: win10-en-20211014
Malware Config
Extracted
warzonerat
alliedofficewarz.ddns.net:6060
Targets
Target
Inq Form.xls.exe
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins, sold as malware-as-a-service (MaaS).
Warzone RAT Payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application